Security
Headlines
GHSA-vqrm-83g6-pfv4: Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console

In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.

GHSA-62g9-99m7-w8wv: Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console

In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console.

GHSA-99f7-hp6j-v6q4: Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.

GHSA-mqxx-c43h-jj9v: Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console

In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console.

GHSA-4q2v-9p7v-3v22: Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Talos IR ransomware engagements and the significance of timeliness in incident response

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an

Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users.

GHSA-vhvx-8xgc-99wf: DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

### Impact

A path traversal vulnerability is possible during the import of an archive (in [Simple Archive Format](https://wiki.lyrasis.org/pages/viewpage.action?pageId=104566653)), either from the command line (`./dspace import` command) or from the "Batch Import (Zip)" user interface feature. _This vulnerability likely impacts all versions of DSpace 1.x <= 7.6.3, 8.0 <= 8.1, and 9.0_. An attacker may craft a malicious Simple Archive Format (SAF) package whose `contents` file references any system files (using relative traversal sequences) that are readable by the Tomcat user. If such a package is imported, this results in sensitive content disclosure, including retrieval of arbitrary files or configurations from the server where DSpace is running. **The Simple Archive Format (SAF) importer / Batch Import (Zip) is only usable by site administrators** (from the user interface / REST API) or system administrators (from the command line). Therefore, to exploit this vulnerability, the malic...